Versions Compared

Old Version 4

changes.mady.by.user Mont Rothstein

Saved on

compared with

New Version 5

changes.mady.by.user Mont Rothstein

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If the web server is public facing then a free certificate can be obtained using Let's Encrypt. follow Follow the instructions in SSL/TLS using Let's Encrypt

...

  1. Identify the Certificate Authority (CA) - If you need to setup Microsoft Certificate Services the following links may help:
  2. Install the Certificate - Request and install a certificate for the website under which the application will run. See: How to Get a Certificate from an internal CA
    • The certificate must be created for a website (ex: Default Web Site) not the virtual directory for the web application.
    • A Bit length of 2048 is recommended.The website (ex: Default Web Site) does not have to be set to require SSL. That can be set on the virtual directory for the web application.
    • See this Microsoft KB article for more information: http://support.microsoft.com/kb/299875

IIS Configuration

Binding

Add an https site binding

Info
Skip this if Certify SSL Manager was used to obtain the certificate as it will already be done.

Add an https site binding

  1. Select the Website that contains the web application (ex: Sites/Default Web Site)
  2. In the Actions pane, click Bindings... 
  3. In the Site Bindings dialog click Add...
  4. Add https Binding
    1. Type: https:
    2. IP Address: All Unassigned
    3. Port: 443
    4. SSL certificate: Select the certification you installed
    5. Click OK
  5. Click Close

...

  1. Open web.config
  2. Find <services>
  3. For each endpoint within each <service> do one of:
    1. For HTTPS access only: Edit “Http” in binding value to “Https”.

      Ex: “basicHttpBinding” ➔ “basicHttpsBinding”; “mexHttpBinding” ➔ “mexHttpsBinding”

    2. For both HTTP and HTTPS access: Add a copy all endpoints with “Http” in binding value and edit value to have Https.

      Ex: Copy endpoint line and edit “basicHttpBinding” ➔ “basicHttpsBinding” – Use this if both HTTP and HTTPS will be used.

URL Rewrite

Redirect HTTP to HTTPS.

Info

If HTTP is going to be blocked then this section can be skipped. What that means is that if HTTP is used the URL will be denied, not redirected to HTTPS.


  1. Install the URL Rewrite Module for IIS: http://www.iis.net/downloads/microsoft/url-rewrite
  2. Require SSL should must not be checked for either Default Web Site or for the any application (ex: AdamsAdmin, AdamsWeb, AdamsBridge, etc) under that.  You can check the SSL Settings for each to see that it isn’t.
  3. Create the URL rewrite rules for each web application (i.e. Adams Web, Adams Admin, Adams Bridge) the Default Web Site
    1. In IIS Manager , select the application (ex: AdamsWeb, AdamsAdmin, AdamsBridge) under Default Web Site
    2. In the application’s IIS section, open the URL Rewrite module

      NOTE: If the URL Rewrite module does not appear as an option after installing it, try closing and reopening IIS Manager.

    3. Click Add Rule(s)…
    4. Select Inbound rules > Blank rule
    5. Select OK
    6. Fill in the following information
      1. Name - HTTP to HTTPS Redirect
      2. Match URL
        1. Requested URL - Matches the Pattern
        2. Using - Regular Expressions
        3. Pattern - (.*)
        4. Ignore case - checked
      3. Conditions
        1. Logical grouping: Match All
        2. Click Add…
          1. Condition input - {HTTPS}
          2. Check if input string - Matches the Pattern
          3. Pattern - ^OFF$
          4. Ignore case - checked
          5. Click OK
          Click Add…
          1. Condition input - {PATH_INFO}
          2. Check if input string - Matches the Pattern
          3. Pattern -  <APPNAME>.*  Replace <APPNAME> in this pattern with the web applications name. Ex:
            AdamsWeb.*
            AdamsBridge.*
            AdamsAdmin.*
            Ignore case: checked
          4. Click OK
      4. Action
        1. Action type: Redirect
        2. Redirect URL: https://{HTTP_HOST}/<APPNAME>/ Replace <APPNAME> with the web application name. Ex:
          https://{HTTP_HOST}/AdamsWeb/
          https://{HTTP_HOST}/AdamsBridge/
          https://{HTTP_HOST}/AdamsAdmin/
          {REQUEST_URI}
        3. Append query string: un-checked
        4. Redirect type: Permanent (301)
    7. Click Apply (in the upper hand corner)
    8. Click Back to Rules
    9. Restart the web application pool

...

Tip
Test to make sure that users can access the web application site and applications using both http:// and https:// with http:// redirecting to https://

...